
The score is a nice tool that can help find things. But don't use it alone to determine if your server is secure. Diligence, like always, is the best method: know that there are updates and apply them in a timely fashion. Make backups, and store them off location. Read your logs now and again, or at least the logwatch emails. (If you're not getting those, you might look into that.) Find users who use the system more than others and take steps to limit them, or contact them and ask them what they're doing; oftentimes it's a configuration problem that they don't even know about.

What can I use for brute-force detection and blocking? Does CSF do this?


Strange, mine goes up to 122. Are you running the latest CSF? (I must admit I'm not sure if that top score is different on other servers)

To answer your question, you only need to read the site you got it from:

Login Failure Daemon (lfd)

To complement the ConfigServer Firewall (csf), we have developed a Login Failure Daemon (lfd) process that runs all the time and periodically (every X seconds) scans the latest log file entries for login attempts against your server that continually fail within a short period of time. Such attempts are often called "Brute-force attacks" and the daemon process responds very quickly to such patterns and blocks offending IPs quickly. Other similar products run every x minutes via cron and as such often miss break-in attempts until after they've finished; our daemon eliminates such long waits and makes it much more effective at performing its task.

Login tracking is an extension of lfd; it keeps track of POP3 and IMAP logins and limits them to X connections per hour per account per IP address.
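A minimal sketch of the sliding-window detection the quoted lfd description outlines, added here as an illustration; it is not lfd's code and not part of any post in this thread. The log lines are constructed, and the `threshold`, `window_s` and `year` parameters are assumptions of this example, not csf settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the usual OpenSSH syslog format (not real traffic).
SAMPLE_LOG = """\
Mar 10 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 10 03:14:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
Mar 10 03:14:04 host sshd[2104]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Mar 10 03:14:06 host sshd[2106]: Failed password for root from 203.0.113.7 port 40041 ssh2
Mar 10 03:14:09 host sshd[2109]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40050 ssh2
Mar 10 03:14:12 host sshd[2112]: Failed password for root from 203.0.113.7 port 40063 ssh2
Mar 10 03:20:00 host sshd[2200]: Failed password for bob from 198.51.100.20 port 51600 ssh2
Mar 10 04:45:00 host sshd[2300]: Failed password for bob from 198.51.100.20 port 51700 ssh2
"""

# The user name is supplied by the client, so the address is taken from the
# END of the line (greedy .* plus $), never from text inside the name field.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)

def detect_bruteforce(lines, threshold=5, window_s=300, year=2024):
    """Return {ip: time the threshold was reached} for every source with
    `threshold` failed logins inside any `window_s`-second span."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group(2) in blocked:
            continue
        # Syslog timestamps carry no year; `year` is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # forget failures that have aged out of the window
        if len(q) >= threshold:
            blocked[m.group(2)] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{when:%H:%M:%S} block {ip}")
```

The two failures from 198.51.100.20 are 85 minutes apart, so they never share a window and that address is not flagged.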

What can I use for brute-force detection and blocking? Does CSF do this?


Regarding your subject "Is CSF enough for security?" ....

ABSOLUTELY NOT!

CSF is a wonderful tool and Chirpy did a fairly decent job with it, and I would also go so far as to recommend it be an essential core component to the security of every hosting server, but it is by no means all you should do!

By itself, CSF is not a complete all-inclusive security solution, and you should never rely on any single application or single avenue of defense, as there are literally millions of other avenues of attack above and beyond what CSF alone can protect you from, and more software, tweaks, system configuring, permission settings, and more are needed to get as close as you can to fully addressing the complete list of items that you should address regarding security.

Let's put it this way. I am a professional server security advisor, that is first and foremost what I do. It takes me on average about 10 to 15 seconds to install and configure CSF on a cPanel server. I have advanced automation tools that go deep into systems and configure thousands of items that can do in seconds and minutes what would take the vast majority of everyone hours and hours to accomplish ....

--- Now with that given, it still takes me between 2 and 4 hours to properly secure a server if that tells you anything at all about how much needs to be updated and secured on your server to really get your server where it should be in regards to security!

Without intimate systems knowledge to be able to really go deep into the server but wanting to set up a reasonably good security solution yourself, I would recommend looking into some of the following items:

Moving your SSH port, setting Protocol 2, and using strong passwords or certificates goes a long way as well.

Look at disabling non-root access to commonly abused tools and commands but don't go too far. If you don't know what scripts use which programs and you disable something used by important processes, you can very much screw up your system.

The above short list will do a lot to help with the security of your server!

Now regarding your posted question on brute force detection, as some of the other forum members pointed out, CSF comes with a tool called LFD that does precisely what you ask and more.

I agree with previous posters - by no means is a piece of security software (no matter how good) enough to protect your servers. You need to monitor httpd access logs, load averages, brute force attempts and the like constantly.

CSF and LFD are fantastic additions to your security efforts, but they are not an alternative for proper server administration.